dongshengyin0147 2018-01-03 16:14
浏览 135
已采纳

路由的多个中间件不起作用

I'm using Laravel 5.5.

I created 4 middlewares, one middleware by user role.

The admin has same rights as the employee. However, admin owns some more privileges.

Routing File:

Route::group(['prefix' => 'admin'], function() {

    // EMPLOYEE AND ADMIN ROUTES
    Route::group(['middleware' => ['admin', 'employe']], function() {
         Route::get('showCreationSeance', 'AdministrationController@showCreationSeance');
         Route::get('showAjoutCoach', 'AdministrationController@showAjoutCoach');
         Route::get('showReservationClient', 'AdministrationController@showReservationClient');
         Route::get('showAnnulationClient', 'AdministrationController@showAnnulationClient');

         Route::post('creerSeance', 'AdministrationController@creerSeance')->name('admin/creerSeance');
         Route::post('ajouterCoach', 'AdministrationController@ajouterCoach')->name('admin/ajouterCoach');
    });

    // ADMIN ROUTES
    Route::group(['middleware' => 'admin'], function() {
         Route::get('showCreationActivite', 'AdministrationController@showCreationActivite');
         Route::get('showAjoutEmploye', 'AdministrationController@showAjoutEmploye');

         Route::post('creerActivite', 'AdministrationController@creerActivite')->name('admin/creerActivite');
         Route::post('ajouterEmploye', 'AdministrationController@ajouterEmploye')->name('admin/ajouterEmploye');
     });
});

Middlewares:

class AdminMiddleware
{
    public function handle($request, Closure $next)
    {
        $user = User::getUser(Auth::user()->id_utilisateur);

        if(!$user->estAdmin()) {
            throw new AuthorizationException();
        }

        return $next($request);
    }
}

class EmployeMiddleware
{
    public function handle($request, Closure $next)
    {
        $user = User::getUser(Auth::user()->id_utilisateur);

        if(!$user->estEmploye()) {
            throw new AuthorizationException();
        }

        return $next($request);
    }
}

Methods used into middlewares:

public function estAdmin() {
    $idStatutAdmin = Statut::select('id_statut')
        ->where('nom_statut', '=', 'ROLE_ADMIN')
        ->first();

    return ($idStatutAdmin->id_statut == $this->id_statut) ? true : false;
}

public function estEmploye() {
    $idStatutEmployee = Statut::select('id_statut')
        ->where('nom_statut', '=', 'ROLE_EMPLOYEE')
        ->first();

    return ($idStatutEmployee->id_statut == $this->id_statut) ? true : false;
}

Stack Trace:

Illuminate\Foundation\Exceptions\Handler render
…/app/Exceptions/Handler.php 51

Illuminate\Auth\Access\AuthorizationException 
…/app/Http/Middleware/AdminMiddleware.php 25

Illuminate\Foundation\Http\Kernel handle
…/public/index.php 55

The problem: The routes defined for admin and employee didn't work and I get an error:

Symfony \ Component \ HttpKernel \ Exception \ AccessDeniedHttpException

No message

While routes for admin only work perfectly. Can you tell me if I'm doing this correctly?

When I'm connected as an admin, it is EmployeMiddleware which throw an error. And when I'm connected as employee, it is AdminMiddleware which throw an error.

Thank's for your help!

  • 写回答

1条回答 默认 最新

  • dongyuelian9602 2018-01-03 17:12
    关注

    The user has the id_statut column which can only be ROLE_ADMIN or ROLE_EMPLOYEE. Take the following example:

    $roles = [
        'admin' => 2,
        'employee' => 1
    ];
    
    $user = [
        'id_statut' => 1
    ];
    
    if ($user['id_statut'] == $roles['employee']) {
        // User is an employee - this code will execute
    }
    if ($user['id_statut'] == $roles['admin']) {
        // User is not an admin - this code will NOT execute
    }
    if ($user['id_statut'] == $roles['employee'] && $user['id_statut'] == $roles['employee']) {
        // User is an employee AND an admin
        // This is impossible based on your database structure as id_statut cannot be both 1 and 2
    }
    

    An easy solution would be to check if the user is an employee or higher permission in estEmploye(). For example:

    public function estEmploye() {
        $idStatutEmployee = Statut::select('id_statut')
            ->where('nom_statut', 'IN', ['ROLE_EMPLOYEE', 'ROLE_ADMIN'])
            ->get('id_statut');
        return in_array($this->id_status, $idStatutEmployee);
    }
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 关于#c++#的问题:水果店管理系统
  • ¥30 dbLinq最新版linq sqlite
  • ¥20 对D盘进行分盘之前没有将visual studio2022卸载掉,现在该如何下载回来
  • ¥15 完成虚拟机环境配置,还有安装kettle
  • ¥15 2024年全国大学生数据分析大赛A题:直播带货与电商产品的大数据分析 问题5. 请设计一份优惠券的投放策略,需要考虑优惠券的数量、优惠券的金额、投放时间段和投放商品种类等因素。求具体的python代码
  • ¥15 有人会搭建生鲜配送自营+平台的管理系统吗
  • ¥15 用matlab写代码
  • ¥30 motoradmin系统的多对多配置
  • ¥15 求组态王串口自定义通信配置方法或代码?
  • ¥15 实验 :UML2.0 结构建模